-
Notifications
You must be signed in to change notification settings - Fork 224
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
More details on license and adding links to the README.
- Loading branch information
Isaac Potoczny-Jones
committed
Feb 4, 2015
1 parent
f276bcb
commit 8a16565
Showing
2 changed files
with
6 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,15 +1,16 @@ | ||
| java-aes-crypto | ||
| =============== | ||
|
|
||
| A simple Android class for encrypting & decrypting strings, aiming to avoid the classic mistakes that most such classes suffer from. | ||
| A simple Android class for encrypting & decrypting strings, aiming to avoid [serious cryptographic errors](http://tozny.com/blog/encrypting-strings-in-android-lets-make-better-mistakes/) that most such classes suffer from. | ||
|
|
||
| Properties | ||
| Features | ||
| ========== | ||
| Here are the properties of this class. We believe that these properties are consistent with what a lot of people are looking for: | ||
| Here are the features of this class. We believe that these properties are consistent with what a lot of people are looking for when encrypting Strings in Android. | ||
|
|
||
| * *Paste-ability*: It's a very simple Java class that works across most or all versions of Android. The class should be easy to paste into an existing codebase. | ||
| * *Works for strings*: It should encrypt arbitrary strings or byte arrays. This means it needs to effectively handle multiple blocks (CBC) and partial blocks (padding). It consistently serializes and deserializes ciphertext, IVs, and key material using base64 to make it easy to store. | ||
| * *Algorithm & Mode*: We chose: AES 128, CBC, and PKCS5 padding. We would have picked GCM for its built-in integrity checking, but that's only available since Android Jelly Bean. | ||
| * *IV Handling*: We securely generate a random IV before each encryption and provide a simple class to keep the IV and ciphertext together so they're easy to keep track of and store. We set the IV and then request it back from the Cipher class for compatibility across various Android versions. | ||
| * *Key generation*: Random key generation with the updated generation code recommended for Android. If you want password-based keys, we provide functions to salt and generate them. | ||
| * *Integrity*: Lots of people think AES has integrity checking built in. The thinking goes, "if it decrypts correctly, it was generated by the person with the private key". Actually, AES CBC allows an attacker to modify the messages. Therefore, we've also added integrity checking in the form of a SHA 256 hash. | ||
| * *Integrity*: Lots of people think AES has integrity checking built in. The thinking goes, "if it decrypts correctly, it was generated by the person with the private key". Actually, AES CBC allows an attacker to modify the messages. Therefore, we've also added integrity checking in the form of a SHA 256 hash. | ||
| * *License*: The included MIT license is compatible with open source or commercial products. Tozny also offers custom support and licensing terms if your organization has different needs. Contact us at [[email protected]](mailto:[email protected]) for more details. |